<?php
require_once('mysql_connect.php');
if (!isset($_SESSION['userid'])){
	header("Location:login.php");
	exit();
}

$loc ="login";


if(isset($_POST['submit'])){
	$password = escape_data($_POST['password']);
	$query = "SELECT * FROM users WHERE id=" . $_SESSION['userid'] . " AND password=PASSWORD('" . $password . "') LIMIT 1";
	$result = mysql_query($query);
	if($_POST['passwordnew'] == $_POST['passwordtwo']){
		$pass = escape_data($_POST['passwordnew']);
		$p =TRUE;
	}else{
		$p = FALSE;
	}
	if(mysql_num_rows($result) > 0 && $p){
		$row = mysql_fetch_array($result);
		$queryinsert = "UPDATE users SET password=PASSWORD('" . $pass . "') WHERE id=" . $row['id'];
		$resultinsert = @mysql_query($queryinsert);
	}else{
		$mes = "I'm sorry but something is wrong with your data.";
	}
}
include('top.php');
?>
<TABLE><TR><TD>
<?php
if(isset($mes)){
echo "<FONT FACE=\"Verdana\" size=-1 color=\"red\">";
echo $mes;
echo "</FONT><BR>";
}
?>
<FORM ACTION="changepass.php" method="post"><FONT FACE="Verdana" size=-1>old password: </FONT><INPUT TYPE="password" name="password" id="password">
<BR><FONT FACE="Verdana" size=-1>new password: </FONT><INPUT TYPE="password" name="passwordnew" id="passwordnew">
<BR><FONT FACE="Verdana" size=-1>again: </FONT><INPUT TYPE="password" name="passwordtwo" id="passwordtwo"><BR><INPUT TYPE="submit" name="submit" id="submit" value="change password"></FONT></FORM>
</TD></TR></TABLE>
<?php
include('bot.php');
?>